On January 3, George Hotz, or geohot as he calls himself, a hacker previously involved in the effort to jailbreak the iPhone, released the private key to the PlayStation 3, using techniques described by the group fail0verflow at the 2010 Chaos Communication Congress. Essentially, possession of the key allows users to create and run signed software on their PS3s without the use of any sort of external USB device–i.e., to run the software as if it had been distributed by Sony.

There is every indication that this is why the parties involved exploited the, well, exploit–so that they and others would be able to use the machines that they own to run whatever software they want to write for it or share with each other (fail0verflow claims to have developed the hack in order to allow PS3s of all firmware versions to run Linux). Of course, one of the side effects of the release of the key is that users can now, if they so choose, use it to run pirated versions of PlayStation 3 games on their machines, which Sony is loathe to allow.

In a response eerily reminiscent of that of Universal and its cohorts following the release of DeCSS and of that of the MPAA and AACS LA following the release of the AACS cryptographic key (the key that protects Blu-Ray DVDs), the corporate machine leapt into action (after one embarrassing gaffe on Twitter), and fired off lawsuits against both fail0verflow and geohot, causing the latter to start a legal defense fund.

This case lies much closer to that of AACS than that of DeCSS–the court ruled, in Universal v. Corley, that DeCSS was not protected speech because, among other things, the DMCA’s restrictions on circumventing technologies was “content-neutral,” and DeCSS seemed to have been distributed for the purpose of redistributing copyrighted DVDs, at least according to the District Court. In the case of the AACS key, while the MPAA and AACS LA issued numerous DMCA takedown notices (notably to Digg), this was the only legal action taken: no lawsuits were filed, and the legal status of the key remains up in the air.

In the case of the PS3, the stated purpose for circumventing the “technological measures” that “effectively control” access to the PS3 was to get the machine to run Linux–undoubtedly, this is not in violation of any copyright law. But will this be its primary use? The court tells us in MGM v. Grokster that we must consider not only whether a noninfringing use exists, but its relative frequency compared to that of infringing uses.

Will most users use the key to play pirated games? More importantly, does it matter?

Similar to the avalanche of posts of “09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0” on Digg following the MPAA’s response to the release of the key, a…flurry? of “46 DC EA D3 17 FE 45 D8 09 23 EB 97 E4 95 64 10 D4 CD B2 C2” posts appeared on Reddit in the aftermath of geohot’s publication of the key. Both communities felt a sense of injustice that posting a 128- or 160-bit key, a number short enough to scrawl on the back of one’s hand, should subject the poster to prosecution.

On the other hand, the DeCSS program, in its shortest incarnation, is only 434 bytes, or 3472 bits, only about 20 times as long as the AACS and PS3 keys, and the court found that it was illegal–just as a clever Digg user created a flag using the hexadecimal key, or how I shamelessly copied the idea to make a flag of my own, so too did protestors of the DeCSS decision create MIDIs, plays, and even a haiku of the program.

When everything is expressed in terms of numbers, anything can be expressed in terms of anything else. The court has ruled that some numbers are illegal, so where exactly is the line? If I write some protection protocol with a cryptographic key of “1”, can I go around issuing DMCA takedown notices to every website that has the audacity to post a “1” somewhere? Would that even count as an effective technological measure? Probably, since knowledge of the key is generally not enough to crack the code–one must also know where to put it, which requires some amount of proficiency with computers (arguably more proficiency than most users possess).

So where is the line? Is it at 10 bits? 100? 1000? We already know it can’t be any greater than 3472. The problem is, wherever the line is drawn, it will be arbitrary–any attempt to exclude some kinds of speech from protection will, when taken to its logical extent, inevitably result in some sort of restriction that seems ridiculous and unfair. There will always be some tricky end case.

Your flag image was uploaded to wikipedia, and then within a day or so it was deleted by administrators.

You can see in the history of the Playstation 3 article, for example, the edits have been deleted, but unlike ordinary deletions, you cannot even go back and read the deleted edits.

Apaprently part of the problem is that the citation for the flag was a link to your article, which of course replicated the title of your article, which of course contains the key.

Im not going to post a link, in an effort to get around whatever spam filter is used on this blog. However if you go to google and search for ‘free speech ps3 flag’ you will see that it used to be at wikimedia commons, but if you click on it it is erased.

so this is attempt number 3 to post on your blog, my posts keep getting eaten.

im trying to say that your flag was uploaded to wikipedia, and used in 3 articles, the George Hotz, Illegal Number, and Playstation 3 articles. Within a day or two it was deleted. You can look at the history of the playstation 3 article in particular to see the deletion, it is more than an ordinary deletion, they deleted it so that you cant see the past edits.

Your flag was not the first or only version of a ps3 free speech flag. On the wikimedia commons article, there were 6 or 7 variations of the flag lised, which had been gleaned from the internet. One has 7 bars of color, no letters. Another had pale letters instead of black. Of course that article is now deleted so … one can hunt them down independently to verify.

The sad part is that the “46 DC” key is NOT what geohot released. It does NOT let you run your own code. It does NOT let you do anything interesting. It’s an internal key used to authenticate service dongles and which was never very useful (it requires hardware, it can only be used to run signed executables, and on current consoles it actually causes semi-permanent damage when used). But somehow people started calling it the “master key” even though it’s useless, and now it’s all over the internet.

Here’s an idea. Publish some legitimate political commentary with the key material threaded through it. Design it so that none of the key material can be deleted or changed without causing a significant change to the content of the political commentary. It would be interesting to see a court trying to justify itself limiting the publication of speech that is so clearly protected.

“The court tells us in MGM v. Grokster that we must consider not only whether a noninfringing use exists, but its relative frequency compared to that of infringing uses.”

Never mind that innocence is assumed before any level of guilt can be proven. Whether future guilt should be considered is irrelevant. Can a car be used in a bank heist as a get away car? Can a pencil be used to write a mad man’s manefesto? GeoHotz’ primary motive is not criminal, and therefor this is a bullshit sham by Sony to try to scare people interested in fiddling with their equipment. If any crime here has been committed it is on Sony’s part for installing root kits and spying on their customer base. What an atrocious company.

vivin: thanks for posting that. . . . i dont know why the ‘dongle key’ has spread so fast compared to the other keys. it would be interesting to trace the lineage. there are at least 5-6 other ‘dongle key’ flags out there, i can only find one flag like yours though (on your site)